Use the procedures in this topic to help you configure Windows Server 2008 and Windows Server 2008 R2 to support Configuration Manager 2007 SP1 or later site systems.

Note

Configuration Manager 2007 SP1 or later supports installing primary and secondary site systems on Windows Server 2008 and Windows Server 2008 R2 read-only domain controller (RODC) computers. During a site installation, the Configuration Manager 2007 Setup Wizard identifies that the site is being installed on an RODC and searches for a writable domain controller to create the necessary groups required by the type of site installation. However, when installing secondary sites by using the Install Secondary Site Installation Wizard from a Configuration Manager console, you must create the required groups in Active Directory Domain Services before you run the secondary site installation.

Use the following information in this topic to configure Windows Server 2008 and Windows Server 2008 R2 site systems for Configuration Manager:

Remote Differential Compression for site server and branch distribution point computers

Site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. By default, RDC is not installed on Windows Server 2008 or Windows Server 2008 R2 and must be enabled manually.

Use the following procedure to enable Remote Differential Compression for Windows Server 2008 and Windows Server 2008 R2.

On the Windows Server 2008 or Windows Server 2008 R2 computer, navigate to Start / All Programs / Administrative Tools / Server Manager to start Server Manager. In Server Manager, select the Features node and click Add Features to start the Add Features Wizard.

On the Select Features page, select Remote Differential Compression, and then click Next.

Complete the rest of the wizard.

Close Server Manager.

Internet Information Services (IIS)

You must install Internet Information Services (IIS) for Windows Server 2008 and Windows Server 2008 R2 computers when they will be used to hold any of the following site system roles:

Management point

Distribution points that are enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS

Reporting point

Software update point

Server locator point

Fallback status point

Configure WebDAV to support management points and distribution points that are enabled for "Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS"

In addition to IIS, you must configure WebDAV extensions for management points and distribution points that are enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS.

Use the following procedure that applies to Windows Server 2008 and Windows Server 2008 R2:

On the Windows Server computer, navigate to Start / All Programs / Administrative Tools / Server Manager to start Server Manager. In Server Manager, select the Features node, and then click Add Features to start the Add Features Wizard.

In the Connections pane, expand the Sites node, and then click Default Web Site if you are using the default Web site for the site system or SMSWEB if you are using a custom Web site for the site system.

Use the following procedure to change the property behavior of WebDAV on Windows Server 2008 and Windows Server 2008 R2:

In the WebDAV Authoring Rules page, in the Actions pane, click WebDAV Settings.

In the WebDAV Settings page, for Property Behavior, set Allow anonymous property queries to True.

Set Allow Custom Properties to False.

Set Allow property queries with infinite depth to True.

For a distribution point that is enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS, for WebDAV Behavior, set Allow hidden files to be listed to True.

In the Actions pane, click Apply.

Close Internet Information Services (IIS) Manager.

Configure requestFiltering for IIS on distribution points

The following information applies when you use distribution points that are enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS.

By default, IIS blocks several file extensions and folder locations. If package source files contain extensions that are blocked in IIS, you must configure the requestFiltering section in the applicationHost.config file on a distribution point that is enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS.

For example, you might have source files for a software deployment that include a folder named bin, or that contain a file with the .mdb file extension. By default, IIS request filtering blocks access to these elements. When you use the default IIS configuration on a distribution point, clients that use BITS fail to download this software deployment from the distribution point. In this scenario, the clients indicate that they are waiting for content. To enable the clients to download this content by using BITS, on each applicable distribution point, edit the requestFiltering section of the applicationHost.config file to allow access to the files and folders in the software deployment.

Important

When you enable WebDAV and modify the requestFiltering section of the applicationHost.config file for the Web site, this increases the attack surface of the computer. Enable WebDAV only when required for management points and distribution points that are enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS. If you enable WebDAV on the default Web site, it is enabled for all applications that use the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.

Use the following procedure to modify requestFiltering for Windows Server 2008 and Windows Server 2008 R2.

Open the applicationHost.config file located in the %Windir%\System32\Inetsrv\Config\ directory on distribution points that are enabled for Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS.

Search for the <requestFiltering> section.

Determine the file name extensions and folder names that you will have in the packages on that distribution point. For each extension and folder name that you require, perform the following steps:

If it is listed as a fileExtension element, set the value for allowed to true.

For example, if your package contains a file with an .mdb extension, change the line <add fileExtension=".mdb" allowed="false" /> to <add fileExtension=".mdb" allowed="true" />.

Allow only the file name extensions required for your packages.

If it is listed as a <hiddenSegments> element, delete the entry that matches the file name extension or folder name from the file.

For example, if your package contains a folder named bin, remove the line <add segment="bin" /> from the file.
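
The following PowerShell check is an added example, not part of the original topic. It compares the requestFiltering section with the extensions and folder names that your packages need, and reports entries that are still blocked as well as entries that were opened beyond what is required. The XML fragment, the $requiredExtensions and $requiredFolders lists, and the function name Get-RequestFilteringFindings are constructed for illustration.

```powershell
# Added example. $configXml is a constructed fragment; on a distribution point,
# load a copy of applicationHost.config with [xml](Get-Content <path>) instead.
[xml]$configXml = @'
<configuration><system.webServer><security><requestFiltering>
  <fileExtensions allowUnlisted="true">
    <add fileExtension=".mdb" allowed="true" />
    <add fileExtension=".config" allowed="true" />
    <add fileExtension=".cs" allowed="false" />
  </fileExtensions>
  <hiddenSegments>
    <add segment="web.config" /><add segment="App_GlobalResources" />
    <add segment="App_LocalResources" /><add segment="App_WebReferences" />
    <add segment="App_Data" /><add segment="App_Browsers" />
  </hiddenSegments>
</requestFiltering></security></system.webServer></configuration>
'@
# Assumptions: what the packages on this distribution point contain.
$requiredExtensions = @('.mdb', '.cs')
$requiredFolders    = @('bin')
# Hidden segments present in a default IIS 7 applicationHost.config.
$defaultSegments = @('web.config', 'bin', 'App_code', 'App_GlobalResources',
    'App_LocalResources', 'App_WebReferences', 'App_Data', 'App_Browsers')

function Get-RequestFilteringFindings {
    param([xml]$Config, [string[]]$Extensions, [string[]]$Folders, [string[]]$Baseline)
    $rf = $Config.SelectSingleNode('/configuration/system.webServer/security/requestFiltering')
    if ($null -eq $rf) { throw 'requestFiltering section not found' }
    $hidden = @($rf.SelectNodes('hiddenSegments/add') | ForEach-Object { $_.GetAttribute('segment') })
    foreach ($node in $rf.SelectNodes('fileExtensions/add')) {
        $ext     = $node.GetAttribute('fileExtension')
        $allowed = $node.GetAttribute('allowed') -eq 'true'
        if ($allowed -and ($Extensions -notcontains $ext)) {
            "EXCESS  extension $ext is allowed but no package needs it"
        } elseif (-not $allowed -and ($Extensions -contains $ext)) {
            "BLOCKED extension $ext is needed but still has allowed=false"
        }
    }
    foreach ($seg in $Baseline) {
        $isHidden = $hidden -contains $seg
        if ($isHidden -and ($Folders -contains $seg)) {
            "BLOCKED folder $seg is needed but is still a hidden segment"
        } elseif (-not $isHidden -and ($Folders -notcontains $seg)) {
            "EXCESS  segment $seg was removed but no package needs it"
        }
    }
}
Get-RequestFilteringFindings $configXml $requiredExtensions $requiredFolders $defaultSegments
```

Run the check against a copy of the file after each change. Each EXCESS line is a setting that applies to every Web site on the server, and each BLOCKED line is content that BITS clients will wait for.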